How Has A Year Of Pandemic Changed Cyber Security?

Uploaded on 2021-04-01 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

In Association with AT Corp. 
In 2020 the pandemic hit and the world has been upside down ever since. So what have we learned during this time and how does it affect us moving forward? In one year the pandemic has transformed just about every part of our lives. From a technology perspective, advances that were “in progress”, like Telehealth, remote work, online retail. remote learning, distance education, virtual training - were thrown into hyper-drive. 
 
Office workers, front-line workers, and people in education, health care, hospitality, transportation and retail were quickly forced into new spaces where technology will have a big impact. Developments we thought were three to five years away are here now and those advances directly impact cyber security.

What Does That Mean To  Cyber Security Professionals?

The virus has impacted cyber in a major way. During the pandemic, “cyber criminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks.” 
There was “a notable shift in the devices targeted and strategies deployed by cyber criminals.” Though there is talk of a return to “normal,” it’s clear that many of the changes we’ve experienced in cybersecurity will become permanent.
 
The immediate impacts include real-world supply chains that are vulnerable to cyber attacks:  
 
  • Touchless commerce means QR codes are now the fastest growing threat vector, cyber attacks against managed service providers (MSPs) are growing, and attackers can compromise the software supply chain and modify executables). 
  • Social engineering can compromise social media platforms; bad actors turned health care records into best sellers. 
  • Cloud security misconfigurations are the leading cause of cloud data breaches, and we now know that Infrastructure monitoring is essential for identifying anomalies.
  • Telehealth means more online access for patients to the hospital IT systems. Hybrid schooling means more access to schools’ IT systems by educators and students. Remote work creates new vulnerabilities for businesses. 
Every industry is facing challenges due to adaptations made as a result of the pandemic. More technology means more consumers interacting with more devices and more suppliers interacting virtually with vendors. More interconnectedness. More entry points for cyber-attacks and more need to train, and retrain, your workforce, virtually most likely. “This past year has taught us that cyber criminals are increasingly formidable, planning long-term, strategic, and focused attacks that are sometimes years in the making. 2020 continued to show us that no company is immune, and there is no such thing as ‘safe enough,’” said Marcin Kleczynski, CEO of Malwarebytes.   

 

Here are some cyber security predictions for 2021 from Dan Lohrmann, CSO of Security Mentor, which have been ushered in by the changes in how we work due to the pandemic:  

  • There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.
  • The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
  • More growth in the security industry. Our numbers of new products and new year mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.
  • Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
  • Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
  • Numerous high-profile Internet of Thing (IoT) hacks, some which will make headline news.
  • Ransomware will get worse and worse, with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organisations.
  • Lots of 5G vulnerabilities will become headline news as the technology grows.
  • Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.
  • Mobile devices, including smartphones, will be attacked in new ways, including app stores.
  • Crypto-currencies will play new roles, with criminals switching often for hiding advantages.
  • As digital transformation projects grow, many plans will implode as security challenges mount.

New Skills, New Training

As we rush into a new era, we create the need for new skills. New technology such as the Mobile Internet, Artificial Intelligence, Virtual and Augmented Reality, Cloud Technology, Internet of Things, Advanced Robotics, Biometric Technology, (think drop passwords and use voice, eye, hand, signature authentication), 3D Printing, Genomics, and Blockchain, creates the need for new skills, new training. 
 
Some experts predict there will be a skills shortage with lasting impacts from the pandemic generation, similar to those that marked Great Depression and World War II generations, with broad but hard-to-predict effects that will affect society for decades to come.
 
Companies and individuals must remain vigilant. And this involves making sure your cybersecurity force is as trained and as prepared as possible. 
 
More advances, more bad actors, and more vulnerabilities due to remote work forces and the Internet of Things demand that companies make every effort to upskill and reskill and retrain workers with real training. Leaders need to ensure that their workforce has the skills and training needed to adapt and thrive in this new environment. Michelle Parmelee Deputy CEO of Deloitte, said “If this year has taught us anything, it’s that learning—at school and at work—will never be the same. Already, it’s more digital and individualized, less fixed and face-to-face. And while it may be tempting to fight these changes and instead hope for a return to normalcy, the truth is that things were already trending this way.” 

Can CYRIN Training Help?  

In a word, Yes. One of the things we try to do at CYRIN is start to integrate people into the process. The process means always training and trying to stay up-to-date with your certifications but, most importantly, with your abilities. All the degrees and certifications don't mean anything if you can't do the job. What this pandemic has laid bare is the need for “re-skilling” or effective training. Very often organisations and their staff members receive theoretical knowledge and no practical skills at all. Theoretical knowledge has to be complemented by exercises that will help consolidate new skills.
 
For information on Cyrin cyber training > Click Here  <
 
AT Corp:       Fast Company:        Image: Unsplash
 
You Might Also Read: 
 
New Cyber Training For Security Professionals:
 
« In 2020 40% Of UK Businesses Suffered A Cyber Attack
China & India In Cyber Conflict »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Exabeam

Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

SIXGEN

SIXGEN

SIXGEN provides incident response, operational and penetration testing, red teaming, tool development, cyber training development and continuous monitoring.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,